Skip to content

@ShreyaGangishetty ShreyaGangishetty released this Aug 29, 2019

Community Contributors to this Release

@53ningen, @cfbarbero, @easydonny, @eduardovra, @falnyr, @Gaurav2Github, @kdnakt, @lo1tuma, @parimaldeshmukh, @sambattalio, @yan12125

API Key Authorization

This is the first step in supporting ApiGateway API Keys and Usage Plans in SAM. You can now require API Keys on API endpoints by specifying ApiKeyRequired: true in the Auth property of a Serverless::Api or in a Serverless::Function event configuration. In upcoming releases we will provide support for usage plans. For more information about setting up and using API Keys, see the developer documentation. A big thank you to @cfbarbero for contributing this feature! (#943)

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true # sets for all resource methods

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        ApiKey:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            Auth:
              ApiKeyRequired: true # sets for single resource method

API Resource Policies

This is the first of two proposed changes to add support for ApiGateway resource policies; the second change will come in a future release. This change adds support for the CustomStatements field of the ResourcePolicy field inside the Auth property of a Serverless::Api. This property allows template authors to set one or multiple resource policies that will be added to the ApiGateway RestApi. Resource policies are also necessary for using PRIVATE API Gateway APIs. For more information about creating and using resource policies for APIs, see this blog post. (#1045)

Globals:
  Api:
    Auth:
      ResourcePolicy:
        CustomStatements:
          - Effect: "Allow"
            Principal: "*"
            Action: "execute-api:Invoke"
            Resource: "execute-api:*/*/*"
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        Api:
          Type: Api
          Properties:
            Method: put
            Path: /

Change Log:

  1. (#996)(#1018)(#1023)(#1024)(#1027)(#1031)(#1041)(#1048)(#1049)(#1064) Documentation and example updates.
  2. (#985) Remove unused CollectionId parameter from RekognitionFacesPolicy
  3. (#1011) Add es:ESHttpPut in ElasticsearchHttpPostPolicy
  4. (#989) Support SNS topic from a different region in a Serverless::Function event
  5. (#943) Support ApiKey Auth
  6. (#993) Support adding tags to API Stage
  7. (#1006) Add optional Enabled, Name, Description fields to CloudWatch Schedule Events
  8. (#998) Update requirements
  9. (#986) Allow setting InvokeRole for AWS_IAM Auth to NONE
  10. (#1034) Remove cfn-lint from tests
  11. (#992) Fix invalid Lambda function permissions on API path
  12. (#1054) Make sure Name and Type exist as properties of PrimaryKey for Serverless::SimpleTable
  13. (#1045) API Gateway Resource Policies support
  14. (#1062) Make sure ApplicationId property of Location on Serverless::Application is not null
  15. (#988) Add support for using Fn::If in function policies
Assets 2
You can’t perform that action at this time.